CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31425 – Privilege escalation via the fosexec command
https://notcve.org/view.php?id=CVE-2023-31425
01 Aug 2023 — A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. ... Una vulnerabilidad en el comando fosexec de Brocade Fabric OS después de Brocade Fabric OS v9.1.0 y, antes de Brocade Fabric OS v9.1.1 podría permitir a un usuario local autenticado realizar una escalada de privilegios a root rompiendo el shell... • https://security.netapp.com/advisory/ntap-20230908-0007 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3670 – Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting
https://notcve.org/view.php?id=CVE-2023-3670
28 Jul 2023 — In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users. In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguise... • https://cert.vde.com/en/advisories/VDE-2023-024 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 2CVE-2023-28130 – Checkpoint Gaia Portal R81.10 Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-28130
26 Jul 2023 — Local user may lead to privilege escalation using Gaia Portal hostnames page. • https://packetstorm.news/files/id/173918 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 11CVE-2023-2640 – Canonical Ubuntu OverlayFS File System Missing Authorization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2640
26 Jul 2023 — This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... A local attacker could possibly use this to gain elevated privileges. • https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 9CVE-2023-32629 – Ubuntu Security Notice USN-6285-1
https://notcve.org/view.php?id=CVE-2023-32629
26 Jul 2023 — Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels La vulnerabilidad de escalada de privilegios locales en los kernels de Ubuntu que superpone ovl_copy_up_meta_inode_data omite comprobaciones de permisos al llamar a ovl_do_setxattr en kernels de Ubuntu It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situatio... • https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37907 – Cryptomator's MSI installer allows local privilege escalation
https://notcve.org/view.php?id=CVE-2023-37907
25 Jul 2023 — Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. ... A simple LPE is possible via a breakout. • https://github.com/cryptomator/cryptomator/commit/b48ebd524b1626bf12ac98e35a7670b868fa208c • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28133
https://notcve.org/view.php?id=CVE-2023-28133
23 Jul 2023 — Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file • https://support.checkpoint.com/results/sk/sk181276 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-3776 – Use-after-free in Linux kernel's net/sched: cls_fw component
https://notcve.org/view.php?id=CVE-2023-3776
21 Jul 2023 — A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. ... This may allow a local attacker to gain local privilege escalation. ... A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-3611 – Out-of-bounds write in Linux kernel's net/sched: sch_qfq component
https://notcve.org/view.php?id=CVE-2023-3611
21 Jul 2023 — An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. ... This flaw allows a local user to crash or potentially escalate their privileges on the system. ... A local attacker could possibly use this to expose sensitive information. ... A local attacker could possibly use this to gain elevated privileges. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-3610 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-3610
21 Jul 2023 — A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. ... This flaw allows a local attacker with CAP_NET_ADMIN access capability to cause a local privilege escalation problem. ... A local attacker could possibly use this to expose sensitive information. ... A local attacker could possibly use this to gain elevated privileges. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=4bedf9eee016286c835e3d8fa981ddece5338795 • CWE-416: Use After Free •